Posts by fulltilt

    the stable release currently has this bug in the plugin management:

    Code
    Fixed: Use of undefined constant SORT_NATURAL


    can plugins still be installed this way, or is it better to wait for the update?
    I would like to install the SpamAssassin plugin and am not sure whether everything will work afterwards

    because many customers complain about the mail quota ;(
    many users have 50-100 mail accounts and they do not want to constantly adjust the quota of all their mail accounts, so I decided to set all accounts to unlimited.


    ### edit ###
    I guess this should work:

    SQL
    UPDATE mail_users SET quota = "0";
    UPDATE domain SET mail_quota = "0";

    Hello Nuxwin,
    the modification will generate a new (personal) cookie if the location is /admin or /client:

    Code
    Header set Set-Cookie: "YourCookieName=YourSecret123456; path=/;"


    if you try to call /pma or /tools/pma you will be redirected to the ControlPanel

    Code
    <Location /tools/pma>
        RewriteEngine On
        RewriteCond %{HTTP_COOKIE} !YourCookieName=YourSecret123456 [NC]
        RewriteRule .* https://admin.YourPanelURL.tld [L]
    </Location>


    I know this is a simple cookie protection only but it will be more comfortable for the user than htaccess password protection ... and if a user gives a htaccess password to others everyone can access htaccess protected areas ...


    It would be better to use a random value for the cookie but this can be done only in the PHP sources (I don't want to touch or change it) ...


    the auto PMA login from sql_manage.tpl will not work because of the header location from pma_auth.php ... and so I changed the PMA URLs to:

    Code
    nano /var/www/imscp/gui/themes/default/client/sql_manage.tpl
    change:
    pma_auth.php?id={USER_ID}
    to:
    {PMA_PATH}

    For all those who are just as paranoid as I am ;-)


    This modification prevents direct access to PMA and Filemanager, you have to login into the control panel first.


    IMPORTANT: this is working only with versions starting @ Latest Stable-Release: 1.1.2
    because of different V-Host entries in earlier versions


    replace with your details:
    - YourSecret123456
    - YourCookieName
    - https://admin.YourPanelURL.tld



    Code
    a2enmod headers
    service apache2 restart



    Code
    nano /etc/apache2/sites-available/00_master.conf

    below:

    <LocationMatch ^/.*/themes/.*/assets/.*$>
        Allow from all
    </LocationMatch>

    add:

    <LocationMatch /client>
        Header set Set-Cookie: "YourCookieName=YourSecret123456; path=/;"
    </LocationMatch>
    <LocationMatch /admin>
        Header set Set-Cookie: "YourCookieName=YourSecret123456; path=/;"
    </LocationMatch>
    <Location /pma>
        RewriteEngine On
        RewriteCond %{HTTP_COOKIE} !YourCookieName=YourSecret123456 [NC]
        RewriteRule .* https://admin.YourPanelURL.tld [L]
    </Location>
    <Location /filemanager>
        RewriteEngine On
        RewriteCond %{HTTP_COOKIE} !YourCookieName=YourSecret123456 [NC]
        RewriteRule .* https://admin.YourPanelURL.tld [L]
    </Location>
    <Location /tools/pma>
        RewriteEngine On
        RewriteCond %{HTTP_COOKIE} !YourCookieName=YourSecret123456 [NC]
        RewriteRule .* https://admin.YourPanelURL.tld [L]
    </Location>
    <Location /tools/filemanager>
        RewriteEngine On
        RewriteCond %{HTTP_COOKIE} !YourCookieName=YourSecret123456 [NC]
        RewriteRule .* https://admin.YourPanelURL.tld [L]
    </Location>


    Code
    nano /etc/apache2/sites-available/00_master_ssl.conf

    below:

    <LocationMatch ^/.*/themes/.*/assets/.*$>
        Allow from all
    </LocationMatch>

    add:

    <LocationMatch /client>
        Header set Set-Cookie: "YourCookieName=YourSecret123456; path=/;"
    </LocationMatch>
    <LocationMatch /admin>
        Header set Set-Cookie: "YourCookieName=YourSecret123456; path=/;"
    </LocationMatch>
    <Location /pma>
        RewriteEngine On
        RewriteCond %{HTTP_COOKIE} !YourCookieName=YourSecret123456 [NC]
        RewriteRule .* https://admin.YourPanelURL.tld [L]
    </Location>
    <Location /filemanager>
        RewriteEngine On
        RewriteCond %{HTTP_COOKIE} !YourCookieName=YourSecret123456 [NC]
        RewriteRule .* https://admin.YourPanelURL.tld [L]
    </Location>
    <Location /tools/pma>
        RewriteEngine On
        RewriteCond %{HTTP_COOKIE} !YourCookieName=YourSecret123456 [NC]
        RewriteRule .* https://admin.YourPanelURL.tld [L]
    </Location>
    <Location /tools/filemanager>
        RewriteEngine On
        RewriteCond %{HTTP_COOKIE} !YourCookieName=YourSecret123456 [NC]
        RewriteRule .* https://admin.YourPanelURL.tld [L]
    </Location>


    service apache2 restart


    Code
    nano /var/www/imscp/gui/themes/default/client/sql_manage.tpl
    change:
    pma_auth.php?id={USER_ID}
    to:
    {PMA_PATH}


    also as administrator you have to log into the panel before you can use PMA, therefore we will create a custom menu entry in the Admin Panel:

    Code
    Log in to your ControlPanel as Administrator
    create a custom menu for PMA
    https://admin.YourPanelURL.tld/pma
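
Added example, not part of fulltilt's posts: a Python model of the `RewriteCond %{HTTP_COOKIE}` check from the how-to above, run over constructed Cookie headers to show which headers the posted pattern lets through compared with an anchored, case-sensitive variant. The `ANCHORED` pattern and the sample headers are assumptions made for illustration, and Python's `re` stands in for Apache's regex matching.

```python
import re

# Placeholder name and secret exactly as used in the post.
NAME, SECRET = "YourCookieName", "YourSecret123456"

# Pattern from the post: RewriteCond %{HTTP_COOKIE} !YourCookieName=YourSecret123456 [NC]
# This is an unanchored, case-insensitive search over the whole Cookie header.
POSTED = re.compile(re.escape(f"{NAME}={SECRET}"), re.IGNORECASE)

# Assumed tightening (not from the post): the pair must be one complete cookie,
# delimited by the start/end of the header or ';', compared case-sensitively
# (in Apache terms: the same regex without the [NC] flag).
ANCHORED = re.compile(rf"(?:^|;\s*){re.escape(NAME)}={re.escape(SECRET)}\s*(?:;|$)")


def redirected(cookie_header, pattern):
    """Mimic 'RewriteCond %{HTTP_COOKIE} !pattern': the rule fires, and the
    client is sent to the panel, when the pattern is NOT found."""
    return pattern.search(cookie_header or "") is None


# Constructed Cookie headers, not captured traffic.
SAMPLES = [
    "",                                      # no cookie at all
    f"PHPSESSID=abc123; {NAME}={SECRET}",    # cookie set under /client or /admin
    f"{NAME}={SECRET}; PHPSESSID=abc123",    # same cookie, different order
    f"{NAME}=SomethingElse",                 # wrong value
    f"{NAME}={SECRET}789abcd",               # longer value with the same prefix
    f"{NAME.lower()}={SECRET.lower()}",      # differs only in case
    f"Old{NAME}={SECRET}",                   # different cookie name, same suffix
]


def evaluate(samples=SAMPLES):
    """Return (header, redirected_by_posted, redirected_by_anchored) rows."""
    return [(h, redirected(h, POSTED), redirected(h, ANCHORED)) for h in samples]


if __name__ == "__main__":
    for header, posted, anchored in evaluate():
        print(f"{header!r:52} posted={'redirect' if posted else 'pass':8} "
              f"anchored={'redirect' if anchored else 'pass'}")
```
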

    but fail2ban is useless because recently an attacker is using IP pools from a botnet ...
    I have watched this many times ... the same IP will be used only one time and afterwards a new attack with a new IP is started
    no way to block this kind of attacks with iptables or whatever ...
    that is why PMA and Filemanager should be protected with a captcha or used only within the controlpanel

    I have tried another solution with a cookie check and redirect to panel login ...
    the user has to login first before using PMA


    could it be that mod_rewrite is not working within the /tools folders?
    the cookie has been set but I guess rewrite (second htaccess) did not work
    e.g.:

    Code
    nano /var/www/imscp/gui/public/client/.htaccess
    Header set Set-Cookie "YourCookieName=YourSecret123456789abcd"
    nano /var/www/imscp/gui/public/tools/pma/.htaccess
    RewriteEngine On
    RewriteCond %{HTTP_COOKIE} !YourCookieName=YourSecret123456789abcd;? [NC]
    RewriteRule ^ https://admin.YourPanelURL.tld [R=301,L]

    this htaccess should work but it's also blocking: